US-11683214

Network operating system for managing and securing networks

Published: June 20, 2023
Assignee: not available in USPTO data we have
Inventors: not available in USPTO data we have
Technical Abstract

Systems and methods for managing a network are described. A view of the current state of the network is maintained, where the current state of the network characterizes network topology and network constituents, including network entities and network elements residing in or on the network. Events are announced that correspond to changes in the state of the network, and one or more network elements can be configured accordingly. Methods for managing network traffic are described that ensure forwarding and other actions taken by network elements implement globally declared network policy and refer to high-level names, independently of network topology and the location of network constituents. Methods for discovering network constituents are described, whereby network constituents are automatically configured. Routing may be performed using ACLs, and packets can be intercepted to permit a host to continue in sleep mode. The methods are applicable to virtual environments.

Patent Claims
17 claims

Legal claims defining the scope of protection, as filed with the USPTO.

2. The method of claim 1, wherein a data flow comprises a set of data packets, wherein each flow entry comprises (i) a set of conditions for identifying a data flow that meet the set of conditions, (ii) a counter that is incremented whenever a data packet of the identified data flow arrives at the network element, and (iii) a set of operations to be performed by the network element on the data packets of the identified data flow.

3. The method of claim 2, wherein the set of conditions comprises a set of bits to be compared to the bits of an incoming data packet.

4. The method of claim 2, wherein a data packet has a header and a payload data, wherein the network element checks the set of conditions against the header of the packet.

5. The method of claim 2 further comprising, when a particular data flow meets sets of conditions of two or more flow entries each with different priority levels, performing only the set of operations of a flow entry with a highest priority level on the particular data flow.

6. The method of claim 1, wherein said detecting conditions in the network comprises receiving, from at least one network element in the set of one or more network elements, information about initiation of one or more new data flows.

7. The method of claim 1, wherein said sending the flow entries comprises sending each flow entry to a particular network element, wherein the instruction to add the flow entry comprises a command to add the flow entry to a flow-table of the particular network element.

8. The method of claim 1, wherein the network controller is implemented across a plurality of processing devices in a distributed manner.

9. The method of claim 1, wherein detecting conditions in the network comprises, based on information received from the network elements, detecting events at the network controller, wherein sending the flow entries comprises modifying a forwarding behavior of at least one of the network elements based on the detected events.

10. The method of claim 9, wherein said modifying the forwarding behavior of the network element comprises modifying a flow entry of the network element that is associated with a data flow, wherein the flow entry defines a set of operations to perform on the associated data flow.

11. The method of claim 10, wherein said modifying the flow entry comprises removing the flow entry from the network element.

12. The method of claim 9, wherein the event comprises a change in network topology indicating locations of the network elements in the network.

13. The method of claim 9, wherein the event comprises initiation of a new data flow, the method further comprising inserting a set of flow entries into the network element, the set of flow entries specifying forwarding rules for forwarding the new data flow.

14. The method of claim 9, wherein the event comprises addition of a network service to the network, the network service provided by a network element.

16. The non-transitory machine readable medium of claim 15, wherein a data flow comprises a set of data packets, wherein each flow entry comprises (i) a set of conditions for identifying a data flow that meet the set of conditions, (ii) a counter that is incremented whenever a data packet of the identified data flow arrives at the network element, and (iii) a set of operations to be performed by the network element on the data packets of the identified data flow.

17. The non-transitory machine readable medium of claim 16, wherein the set of conditions comprises a set of bits to be compared to the bits of an incoming data packet.

18. The non-transitory machine readable medium of claim 16, wherein a data packet has a header and a payload data, wherein the network element checks the set of conditions against the header of the packet.

19. The non-transitory machine readable medium of claim 16, wherein the program further comprises a set of instructions for, when a particular data flow meets sets of conditions of two or more flow entries each with different priority levels, performing only the set of operations of a flow entry with a highest priority level on the particular data flow.
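The flow-entry structure of claims 2 to 5 (and its machine-readable-medium mirror in claims 16 to 19), as an added Python model that is not part of the patent or of any implementation of it: each entry carries masked header conditions, a per-entry packet counter and an action list, overlapping entries resolve to the highest priority, and a table miss is reported to the controller as a new flow (claims 6 and 13). Field names, the value/mask encoding, the `send_to_controller` action and the sample packets are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass
class FlowEntry:
    conditions: dict    # (i) header field -> (value, mask); only masked bits are compared (claim 3)
    actions: list       # (iii) operations the element performs on matching packets
    priority: int = 0   # claim 5: highest priority wins when entries overlap
    packets: int = 0    # (ii) counter, incremented per matching packet

    def matches(self, header: dict) -> bool:
        # claim 4: conditions are checked against the packet header only, never the payload
        return all(name in header and (header[name] & mask) == (value & mask)
                   for name, (value, mask) in self.conditions.items())

class FlowTable:
    def __init__(self) -> None:
        self.entries: list[FlowEntry] = []
        self.misses = 0  # packets no entry matched: reported to the controller as new flows (claim 6)

    def add(self, entry: FlowEntry) -> None:    # controller "add flow entry" instruction (claim 7)
        self.entries.append(entry)

    def remove(self, entry: FlowEntry) -> None: # controller changes forwarding by removal (claim 11)
        self.entries.remove(entry)

    def process(self, header: dict) -> list:
        hits = [e for e in self.entries if e.matches(header)]
        if not hits:
            self.misses += 1
            return ["send_to_controller"]        # constructed action name for the miss path
        best = max(hits, key=lambda e: e.priority)  # claim 5: only this entry's operations run
        best.packets += 1                           # lower-priority overlapping entries stay uncounted
        return best.actions

def demo() -> dict:
    """Constructed scenario: a table miss, then controller-installed entries (claim 13)."""
    table = FlowTable()
    https = {"ip_dst": 0x0A000005, "tcp_dport": 443}  # constructed packet to 10.0.0.5:443
    ssh = {"ip_dst": 0x0A000005, "tcp_dport": 22}     # constructed packet to 10.0.0.5:22
    first = table.process(https)                      # empty table: new-flow report
    table.add(FlowEntry({}, ["drop"], priority=0))    # catch-all: empty conditions match everything
    allow = FlowEntry({"ip_dst": (0x0A000000, 0xFFFFFF00),   # 10.0.0.0/24 expressed via the mask
                       "tcp_dport": (443, 0xFFFF)}, ["forward:2"], priority=10)
    table.add(allow)
    return {"first": first, "https": table.process(https), "ssh": table.process(ssh),
            "https_again": table.process(https), "allow_count": allow.packets,
            "misses": table.misses}
```

Running `demo()` shows the specific permit entry acting on both HTTPS packets while the catch-all drop handles the SSH packet, with only the winning entry's counter advancing.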

Patent Metadata

Filing Date

August 2, 2020

Publication Date

June 20, 2023

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Network operating system for managing and securing networks” (US-11683214). https://patentable.app/patents/US-11683214
